Nom original: TransformregulatoryconstraintsrelatedtoKYC2015.pdf
Titre: Présentation PowerPoint
Auteur: Karin BENDAYAN
Ce document au format PDF 1.5 a été généré par Microsoft® PowerPoint® 2013, et a été envoyé sur fichier-pdf.fr le 05/11/2015 à 12:02, depuis l'adresse IP 95.128.x.x.
La présente page de téléchargement du fichier a été vue 376 fois.
Taille du document: 765 Ko (15 pages).
Confidentialité: fichier public
Aperçu du document
Transform regulatory constraints related to KYC
(Know Your Customer) into competitive advantages
WHITE PAPER - September 2015
Transform regulatory constraints related to KYC
into competitive advantages
BEYOND THE SYSTEM
For a financial institution the KYC process (Know Your Customer), and specifically the
«On Boarding» process, is a prerequisite to enter into a relationship with a client, should
it be a private individual or a corporate body. The KYC process lasts throughout the
entire business relationship. If it is essential to collect data and the related documents
during the onboarding process, it is also crucial to make sure the data is kept up to date
throughout the life cycle of the relationship and complies with international regulations
in force. Failure to comply with these requirements could have serious consequences.
As a result of new regulations, the quantity of data that needs to be collected has
increased substantially in the last few years. These regulations concern among other
things investor protection or fiscal transparency and place a considerable burden on the
client on boarding process.
However, changes to the processes and KYC systems, which initially appear to be costly
constraints, can be turned into profitable opportunities. For instance, by accelerating
customer profitability, lowering costs related to data quality, and enhancing the
Dodd Frank, EMIR, Mifid, AIFMD, FATCA, UCITS, AMLD4, … and soon the AEOI (Automatic
Exchange Of Information), are just some of the regulations which oblige the banking
industry to collect additional client data in order to meet legal obligations.
As regards investor protection, data that needs to be collected such as financial
information or risk appetite, is used to define a risk profile that will be used to propose
financial products in accordance with the profile, or to block transactions that are not
consistent with the profile. In this way the portfolio management system should be able
to draw data from the KYC system. Given that the risk profile can evolve, it is necessary
to have a process in place that makes sure the profile is continuously updated and
reflected across all systems using this data, such as account management and portfolio
In the banking industry there are of course set procedures for certain types of clients,
like «high risk» or «PEP» (Politically Exposed Person), that meet regulatory
requirements. For instance, before a “PEP” becomes a client, the procedure often
requires an approval committee, with representatives from compliance and Front Office
departments, to give the go-ahead. For these specific profiles, the revision policy
requires a more frequent review of accounts information and a specific follow-up of the
Since these regulations apply to every bank, and because clients have to provide a large
quantity of information to the banks, the bank can distinguish itself during the on
boarding process. Simplifying the process can transform the data collection constraint
into a client contact opportunity used to create a good image in a cost-effective way.
Reducing operational risks is not the only benefit that financial institutions can
obtain by complying with regulations. Seeing that data collection and modifications
costs will be incurred, ROI (Return On Investment) should be maximized.
To achieve this, a sales strategy should accompany the compliance approach, and
the systems should serve this strategy efficiently.
The quality, richness and freshness of KYC data, are key components required to deal
with risk in an environment that has become highly-sensitive to regulatory
discrepancies. Ensuring that the source of funds is clean and client’s transactions are
coherent are the fundamentals of KYC. Accurate and up-to-date client information is
paramount in detecting transactions that are fraudulent or carry a risk.
Client on boarding is a critical component of the account life cycle. The quality of the
data collected during this process will impact the systems consuming these data.
An efficient system should be based on good data quality control rules, that will ensure
quality of data when being integrated, in order to avoid possible duplication and address
inconsistencies for instance.
These quality rules need to be applied as early as possible, when data is entered into
the information system. This will make the costly data cleansing process easier
afterwards. For instance, a simple “search before create” function checks if similar
entries already exist in the system and avoids creating duplicates.
The cost of bad quality data is often underestimated. And yet, if data is not quality
controlled as soon as it enters the system, precious manual time will be lost doing
research, modifications, and correcting errors due to data being sent back and forth
between departments. Time wasted is pretty difficult to calculate but can be estimated
with a simple survey.
Applying good quality rules when data is entered does not dispense from performing
regular data cleansing that will help to refine rules applied earlier and guarantee
optimum quality in the long term. Data cleansing ensures that data quality is
guaranteed during the full life cycle of the account and not only during the on boarding,
for example when checking for obsolescence.
Dealing with the backlog of old data that has been in the system for many years requires
a data cleansing process that is best done before or at the same time as any KYC system
enhancements. Some banks had to create specific departments to upgrade their clients
database to the quality level required to address and comply with new regulations.
Let’s take a simple example: the LEI (Legal Entity Identifier), the code that uniquely
identifies any legal entity that engages in financial transactions. Introduced by the Dodd
Frank Act, banks had to reconcile each LEI issued by Swift with the corporate clients in
their data base. Company name and country of incorporation being practically the only
elements available to associate the right LEI meant that bad quality data, such as a
slightly misspelt or non standardized business name resulted in a considerable slowdown of the reconciliation process and also led to errors in applying the Dodd Frank
Here are some of the key functionalities that a KYC system should include:
It must be able to easily add criteria and fields, in order to respond quickly to new data
collection requirements, which may be imposed by new regulations in particular, but
also by risk/compliance managers. An automated support will help to structure data
fields for improved data management: for instance, a new data field will be assigned
with a data owner (the one who uses the data), a data manager (the one who defines
data management rules), data sensitivity rate, data consumption authorization,
upstream systems (those providing the data) and downstream (those consuming the
data), and so on…
KYC, at the heart of the information system
The system must also be proactive in order to inform the manager of the consequences
of a Change in Circumstances (CIC). Thus if the client’s risk profile changes, it is useful
that the manager is immediately informed of the new restrictions or opportunities that
it can create for the client. A simple change of address can lead to a series of impacts
that require action to be taken by the manager. It’s easier to have the list immediately
available in the KYC system rather than various alerts from systems using the data. It will
be easier to manage and will save time. However this will depend on the IT system’s
architecture and the data management rules.
In today’s digital world, customer experience can be enhanced and one of the means is
via a KYC system connected to digital applications (tablets, websites…). In this way, as
soon as a client relationship is established, the bank can be seen as a facilitator of
tedious administrative procedures. Data is entered by the client and reentering data
which could lead to errors is therefore unnecessary.
This not only contributes to a positive image of the bank but also reduces the time of the
on boarding process, offers an eco-friendly advantage and accustoms the client to
communicating in this way, which reduces bank costs in the long run. Admittedly except
in the case of a dedicated full-digital strategy it will still be necessary to continue manual
processes for clients resistant to technology. However reality and surveys both show
that there is an ever-increasing demand for digital from clients.
Automation also facilitates exchanges between the client and the bank and avoids errors
when re-entering data. Quality of client information will be improved and costs due to
data quality issues will be reduced.
The system must be linked to the compliance data sources like sanction lists for example.
It has to be reliable and able to block people on the sanction list but at the same limit
the number of false-positives that cause a waste of time.
The KYC system may not integrate reporting functions but it must of course provide a
link so that reporting tools can retrieve the necessary information for efficient data
Different types of monitoring: proactive, real-time and post monitoring should be
possible. This is to ensure that for example client transactions are in line with the risk
profile and with current regulations (e.g. AML).
The system must proved help in determining client classification according to the various
regulations and automatically define their risk profile.
For example, in the case of the EMIR, classification of corporate and financial
counterparties will have an impact on collateral, clearing and reconciliation criteria of
The system can also propose data management on a global level which can for example
make it easier to identify «ultimate beneficial owners» from legal entities.
It should be noted that information can be checked on internal systems in the case
where data has been collected and aggregated in-house or by an external service
Internet is frequently used by management to find out more about its potential
customers and clients. By going a few steps further, tools used for big data analytics can
collect large quantities of information that can be selected processed and retrieved as
required. KYC can use it to allow financial institutions to have even better risk control. As
an example, they can issue warnings on PEPs extremely rapidly by retrieving live
information on internet and checking it in an intelligent manner to avoid false alerts.
Certain external services can provide international round-the-clock monitoring and
add/modify information concerning thousands of persons/entities each month.
Audit trails are of course essential, as is facilitating the KYC process while protecting
private data in a secure environment.
BEYOND THE SYSTEM
On boarding is an important part of KYC but the KYC cycle must also remain active after
entering into a relationship with the customer. Whether it be «Changes ln
Circumstances» information spontaneously given by the client, or requested by the
bank, clear procedures and a smooth workflow must be part of the KYC management
Ongoing monitoring should be carried out. For example, in order to receive reminders
for client data updates, dates could be defined by the in-house bank processes or
imposed by the regulatory systems. Smart management means a client would receive
one letter instead of several at close intervals, which would reduce costs and would be
more favourably viewed by the client. It could also be sent by internet depending on
client preference or legal constraints. By making the process as simple as possible, the
client will perceive it as help to better manage risk factors relating to his accounts and
operations and not as an invasion of privacy.
If well managed, a KYC process can strengthen the client’s trust in his bank. New
regulations require that clients be contacted in order to furnish additional information.
Management can see this as an opportunity to communicate with the client and show
him the bank’s competencies, facilitate procedures in connection with his accounts and
improve the way they do business.
The client’s on boarding process and the ensuing customer relationship requires the
interaction of various bank members such as relationship managers, compliance experts,
legal experts and sometimes, sales, traders and credit risk experts.
A clear workflow and monitoring of all the stages of the process is very useful (four-eyes
principle, escalation etc.) On boarding of a person at risk will be subject to a validation
request from one or several Compliance Managers. With an efficient workflow system in
place, searching for information concerning a bank account application status can be
avoided and will save a considerable amount of time.
The number of parties involved requires a smooth workflow
Some banks have organized their KYC management services to include due diligence
teams. These are multi-skilled teams responsible for overseeing the on boarding process
and recertifications. They deal with the entire lifecycle of the account and have a broad
view of different aspects (administrative, legal, compliance etc.).
The system cannot limit itself to entering and monitoring data, managing the workflow
and providing dashboards. It must also be able to activate the appropriate procedure
for a given situation. As these procedures differ according to the various organizations,
it is necessary to define the processes and draft the procedures associated with the RACI
matrix before implementing the system.
A more advanced management system can also include an estimate of the file
processing capacity. In this way, reviewing files according to client risk level will be easier
It can also make it possible to plan availabilities of review board members in advance
and will contribute to a consistent and smooth workflow without having an impact on
the onboarding process. It can also help define the number of staff needed in advance
and for example propose to launch a recruitment process.
Although integrated in certain KYC systems, it is nevertheless preferable to manage the
procedures and workflow in a Business Process management system rather than with
the KYC tool itself. This will make it possible to have a global management system to
which the KYC, among others, is connected. Also, a BPM platform is better in terms of
workflow, and extends beyond the scope of the software by including expertise and a
best-practices guideline for users.
BEYOND THE SYSTEM
A KYC system that is well linked to the BPM (Business Process Management) and
includes automated business line management rules will greatly facilitate the process.
The smoother the process is and the more it engages with the participants, the less it
will cost. The workflow will for example guide KYC stakeholders through the remaining
tasks. An on boarding process can take between 1 hour and 6 months depending on
client complexity and response time to requests. Clear monitoring can speed up the
process and thus generate income.
The BPM can also be used to create case studies in case of an alert during the account's
It can also block the on boarding process as long as key information concerning
compliance and risk has not been entered. As these elements could potentially block the
process, it is no use continuing with other actions necessary for opening an account
before they are validated.
Certain BPM systems can manage modifications in the data utility (business model) of
the KYC process and instantly modify the procedure, make it available to users and
display an alert concerning modifications that have been made.
As regards the process, the system provides help in decision-making and the procedures
govern a business process but often the final decision depends on human judgment. We
should not reason in terms of systems and procedures only we should also capitalize on
human expertise. In this way due diligence can be optimized through automation in
order to free up time for high-value added tasks.
As is the case for numerous systems, integrating a KYC system is not purely technical as it
is essential to take into account the bank's strategy, understand business, compliance
and legal needs as well as client expectations. This will help in setting up simple
processes that are understood and adopted by stakeholders for the benefit of the client.
BEYOND THE SYSTEM
In order to do so and lead the effective development of a KYC system, it is necessary to
have a cross-functional and technical perspective. The functional aspect must take into
account the bank's sales strategy and compliance, risk and legal constraints. The
technical aspect requires a good understanding of systems, the way they interact and
the limits of ongoing projects.
Reputational risk due to KYC failure is particularly strong. A brand needs time and means
to build its reputation and just a few articles are enough to damage it, which in turn
means less clients and revenue. A well-designed KYC platform including not only
software but also the relevant procedures reduces operational risks and therefore
reputational risks. Although costs to upgrade KYC processes can be high, not doing so
could turn out to be a lot more costly.
Admittedly, taking into consideration these developments in a broader context than just
compliance with regulations costs more but can provide a significant competitive edge.
Complying with new or modified regulations in the KYC process should be viewed as an
opportunity to gain a competitive advantage by reducing costs, generating more
revenue faster and rendering the process more efficient in order to reduce operational
Do you want to know more?
France: + 33 1 42 65 90 90
Luxembourg: + 352 26 09-1
United Kingdom: + 44 203 693 7810
Switzerland: + 41 21 635 05 36